The funds, traced back to a ransom payment made on April 4, 2023, were originally paid in 49.3 Bitcoin, valued at approximately $1.45 million at the time, in exchange for a data decryptor. Authorities tracked the digital trail as the gang attempted to launder the funds through multiple virtual currency exchange accounts. The assets were eventually frozen at a cooperating exchange and then seized.

The announcement follows the recent takedown of BlackSuit’s extortion websites on the Dark Web, part of a coordinated international law enforcement action dubbed ‘Operation Checkmate’. The operation disrupted BlackSuit’s operations, as well as its affiliated ransomware platforms, including Royal, Quantum, and Chaos.

According to the US Department of Homeland Security (DHS), BlackSuit and Royal ransomware actors were responsible for over 450 cyber-attacks across critical US sectors, including healthcare, education, government, energy, and public safety. The authorities noted that the groups have received more than $370 million in ransom payments to date, based on current cryptocurrency valuations.

In a related action, FBI Dallas seized 20 Bitcoins worth roughly $2.4 million from a cryptocurrency wallet linked to a high-level member of the Chaos ransomware syndicate.

In an unrelated news, the threat actor known as ‘ShinyHunters’ has announced that BreachForums the cybercrime forum and its official PGP key have been compromised and are now allegedly controlled by French law enforcement (BL2C), in coordination with the US law enforcement agencies. Key administrator accounts, including those of Hollow, ShinyHunters, and the “Founder” (allegedly a federal agent), were reportedly taken over. The breach exposed private messages, plaintext passwords, IPs, emails, and other user data. Additionally, the site's source code was allegedly altered to log all activity. The forum has since gone offline.

Four Ghanaian citizens extradited to US in $100M BEC fraud scheme

The US authorities have charged four Ghanaian nationals for their alleged roles in an international fraud operation responsible for stealing over $100 million through romance scams and business email compromise (BEC) schemes.

The four defendants, Isaac Oduro Boateng (aka “Kofi Boat”), Inusah Ahmed (“Pascal”), Derrick Van Yeboah (“Van”), and Patrick Kwame Asare (“Borgar”), held key roles in a West Africa-based fraud ring that targeted individuals and businesses across the US between 2016 and May 2023.

According to court documents, the group was part of a larger criminal network known locally as “sakawa boys” or “game boys,” which specialized in exploiting vulnerable Americans, particularly older individuals living alone, by posing as romantic partners online. After gaining their victims’ trust, the scammers allegedly convinced them to transfer large sums of money to US-based middlemen, who laundered the funds and funneled the proceeds back to Ghanaian ringleaders, known as “chairmen.”

In addition to romance scams, the group is accused of conducting sophisticated BEC attacks, in which they spoofed legitimate business email accounts to trick employees into wiring company funds to fraudulent accounts. All four suspects are currently in federal custody and face a range of charges, including wire fraud, conspiracy to commit wire fraud, and money laundering. If convicted, they could face decades in prison.

Thirteen charged in $5M elder fraud scheme

Thirteen individuals have been charged in the US in connection with a transnational fraud scheme that targeted elderly Americans and defrauded them of more than $5 million.

The scheme involved several call centers in the Dominican Republic, through which the perpetrators allegedly tricked over 400 victims into believing their grandchildren or close family members were in legal trouble and urgently needed money.

According to the charges, the operation was led by Castanos Garcia, who oversaw multiple call center locations staffed by English-speaking employees. The employees executed so-called “grandparent scams,” in which a caller posing as a grandchild would claim to have been in an accident. A second caller, the “Closer,” would then impersonate a lawyer, urging the victim to send money to cover legal or medical fees. Once funds were collected, the defendants allegedly laundered the proceeds back to the Dominican Republic through a complex network of transactions.

All the defendants face charges of conspiracy to commit mail fraud and wire fraud, each carrying a potential sentence of up to 20 years in prison, three years of supervised release, and fines up to $250,000 or twice the loss amount. They also face money laundering conspiracy charges, which carry similar prison terms and fines of up to $500,000 or twice the laundered amount.

A Nigerian cybercrime ring targeting telecom towers and banks dismantled

Kuwait’s Criminal Security Sector has dismantled an international cybercrime ring involving Nigerian nationals who orchestrated a series of coordinated cyber-attacks targeting telecommunications towers and local banks.

The investigation was launched following reports from the Communication and Information Technology Regulatory Authority (CITRA), which flagged suspicious cyber intrusions into local telecom networks.

Investigators discovered that the suspects had used advanced electronic equipment to breach network systems and distribute mass phishing messages impersonating banks, aiming to steal sensitive customer data and siphon funds.

Using signal tracking, police traced the cyber-attacks to a car in Salmiya. When they tried to stop it, the driver fled, crashed into several cars, and was caught after a struggle. Inside the car, law enforcement officers found advanced hacking tools. The suspect confessed to working with a partner. Police later arrested the second suspect and found more data-processing devices at their home. Both individuals, along with the seized tools and equipment, have been handed over to the relevant authorities for prosecution.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Two fraudsters behind $577M crypto fraud sentenced to 16 months in prison

Two Estonian nationals, Sergei Potapenko and Ivan Turõgin, were sentenced to 16 months in US federal prison for orchestrating a massive cryptocurrency Ponzi scheme that defrauded investors of over $577 million. The 40-year-old men, who have already served their prison time in custody, will now return to Estonia under supervised release.

According to officials, Potapenko and Turõgin ran a company called HashCoins, claiming to sell high-powered cryptocurrency mining equipment. In reality, the company had little to no production capacity and failed to fulfill most orders.

As complaints mounted, the pair shifted tactics and promoted a fraudulent remote mining service called HashFlare. Investors were shown fake earnings on a dashboard, but most were unable to withdraw funds. According to court documents, HashFlare operated at just 1% of the computing power it claimed for bitcoin mining and only 3% for altcoins.

US and international law enforcement agencies seized over $450 million in assets, including cash, cryptocurrency, real estate, and mining equipment, linked to the scheme. Four additional co-conspirators remain unnamed, and the investigation is still ongoing.